Meta Hit with €91M Fine for Password Leak
The Data Protection Commission fined Meta, the parent corporation of Facebook, 91 million euros.
It comes after an inquiry into Meta's unintentional storage of some user passwords on its internal systems without encryption, or in plaintext.
Millions of Facebook and Instagram users were affected by the problem.
In March 2019, Meta Ireland reported the breach to the DPC. No outside parties were given access to the passwords.
The Data Protection Commission (DPC) discovered several violations of the General Data Protection Regulation (GDPR), such as neglecting to report the data breach to the commissioner, failing to keep track of the data breach, and failing to take the necessary organisational and security precautions to ensure password confidentiality.Deputy Commissioner Graham Doyle said: “It is widely accepted that user passwords should not be stored in plaintext, considering the risks of abuse that arise from persons accessing such data.
“It must be borne in mind that the passwords the subject of consideration in this case are particularly sensitive, as they would enable access to users’ social media accounts.”